Where should I send a POST request?

I am writing an application using the Phalcon framework for PHP and I need to implement this functionality so that users can write posts on each other's walls. So with JQuery I would write:

function postMessage()  {
    var message = $("#messageBox").val().trim().replace(/\n/g, '<br/>');
    if(message) {
        $.post("// request handler", {msg: message, wall: {{ user.id }}, 
             writer: {{ session.get('user')['id'] }})
            .done(function() {
                $("#messageBox").val('');
                alert( "Message posted" );
            })
            .fail(function() {
                alert( "Error posting message, please try again" );
            });
    }
}

      

And this script will be located at domain.com/user/foobar

My question is what (or rather where) my request handler should be. I thought about it a bit and asked my friend and suggested three options:

  • Post to the same URL as above, the one the script is located at (ref. domain.com/user/foobar)
  • Post to a different URL that has a different action in the same controller as option 1 (ex. domain.com/postmessage. Both options 1 and 2 are in the same controller, but they are different actions)
  • Post to an API URL (example: api.domain.com)

Some of the pros I was thinking of were:

  • Both options 1 and 2 can access the session variable, so I can check if the user is logged in or not. With option 3 I can't, but I can (unrealistically) hope no one tries to abuse the system and post with Fiddler or something without being logged in.
  • Option 2 is slightly cleaner than option 1
  • Option 2 and 3 provide central request handlers, so if I wanted to implement the same message in the wall writing system I would only need to copy the jQuery code and place it in a new view or page. With option 1, I need to copy the code from the custom controller and reverse it in the controllers for every new page.

Some cons I was thinking about were:

  • Option 2 means I need to add additional routes to my router. More complex routing makes this possible. (And maybe slower ???)

(example

// Option 1
$router->add('/user/{id}',
    array(
       'controller' => 'user',
       'action'     => 'show'
    )
);

// Option 2
$router->add('/user/post/{id}',
    array(
       'controller' => 'user',
       'action'     => 'writeMessage'
    )
);

      

)

Which method is recommended and used?

+3




2 answers


I will define routes as needed. Or define one route and pass an additional parameter in the POST request that connects to the remote procedure.

Be careful when users are interested and close any loopholes. Consider adding a nonce.



Thanks,

FROM

+3




Never assume that all of your users will be kind and smart, this is how people break the system. Check everything.



Typically: 1 route = 1 action. If you don't have a route to send messages, adding one is the way to go. The route is like a simple "if" test, it will be done in a few nanoseconds.

+3
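
An added example, not part of the original posts and not Phalcon's own code: a framework-free PHP sketch of the server-side checks the answers point to (verify the login, use a nonce, check everything) for the option 2 handler. The function names `issueNonce()` and `handleWallPost()`, the `nonce` field, the 2000-character limit and the array shapes are assumptions, and it assumes the client sends the raw message text rather than pre-built `<br/>` markup.

```php
<?php
// Added example; helper names, the 'nonce' field and the length limit are assumptions.

function issueNonce(array &$session): string
{
    // One-time token rendered into the page and sent back with the POST.
    $session['nonce'] = bin2hex(random_bytes(16));
    return $session['nonce'];
}

function handleWallPost(array &$session, array $post, int $wallId): array
{
    // 1. The writer comes from the server-side session, never from the request body.
    $writerId = $session['user']['id'] ?? null;
    if ($writerId === null) {
        return ['status' => 401, 'error' => 'not logged in'];
    }

    // 2. Nonce check: the token is single use and compared in constant time.
    $expected = $session['nonce'] ?? '';
    unset($session['nonce']);
    $sent = $post['nonce'] ?? '';
    if ($expected === '' || !is_string($sent) || !hash_equals($expected, $sent)) {
        return ['status' => 403, 'error' => 'bad nonce'];
    }

    // 3. Validate the message, then escape it for HTML output on the server.
    $msg = $post['msg'] ?? '';
    $msg = is_string($msg) ? trim($msg) : '';
    if ($msg === '' || strlen($msg) > 2000) {
        return ['status' => 422, 'error' => 'invalid message'];
    }

    return ['status' => 200, 'wall' => $wallId, 'writer' => $writerId,
            'html' => nl2br(htmlspecialchars($msg, ENT_QUOTES, 'UTF-8'))];
}

// Constructed sample requests; $wallId 42 stands in for the {id} route parameter.
$session = ['user' => ['id' => 7]];
$nonce = issueNonce($session);
// A forged "writer" field is ignored: the session decides who is posting.
$ok = handleWallPost($session, ['msg' => "hi\n<b>there</b>", 'writer' => 1, 'nonce' => $nonce], 42);
// Reusing the same nonce fails because it was consumed by the first call.
$replay = handleWallPost($session, ['msg' => 'again', 'nonce' => $nonce], 42);
// No session user at all: rejected before anything else is looked at.
$anon = [];
$noLogin = handleWallPost($anon, ['msg' => 'x'], 42);
var_dump($ok, $replay['status'], $noLogin['status']);
```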

